JGridstart/Help/Copy certificate

From PDP/Grid Wiki
Revision as of 12:40, 29 March 2012 by Wvengen@nikhef.nl (talk | contribs) (add template)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

<sidebar>

  • jGridstart
    • JGridstart|Home
    • JGridstart/Help|Help
    • JGridstart/Support|Support
  • jGridstart for ...
    • JGridstart/Certificate_Authorities|Certificate Authorities
    • JGridstart/Developers|Developers

</sidebar>When you have more than one computer from which you want to use the grid, you need to copy your certificate and key. This is done by exporting on the computer that has your grid credentials, and importing them on another.


Launch jGridstart on computer with existing certificate

Jgridstart-screenshot-start01.png

Launch jGridstart from the webpage of your certificate authority (CA) at the computer that has your certificate and key. The link may be called manage certificates, launch jGridstart, or the like.

You might need to install something called Java first; if that's the case, a button will pop up that directs you to the Java installation site. Please follow the instructions, and go back to the CA page to launch jGridstart.

You will be asked for permission to run the program, because it requires access to your system. Press Run to continue.


Open export dialog

Jgridstart-screenshot-importexport01.png

If you have multiple certificates, select the one you want to export. Then open the menu Actions and select Export... (or use the shortcut key Ctrl-E).


Enter export details

Jgridstart-screenshot-importexport02.png

The export dialog pops up. Browse to a directory where you want to save the exported certificate (for example, on a USB stick), and enter a filename. Then press enter or the Export button.

Which filetype you use is not that important, jGridstart can import both PKCS#12 and PEM (which are the two options). Other software, however, may require the use of PKCS#12. Note that PKCS#12 does not support storing your certificate request, so if you want to move to another computer when your request is not yet approved of, make sure to choose PEM here.

The file you export will contain your certificate and your private key. The latter is private to you only, and must not be shared with others. It is advised to use the same password here as your private key (Use private key password for the exported file checked), but you deselect the option, which will give you an opportunity to enter an export password later.


Enter private key password

Jgridstart-screenshot-importexport03.png

In most cases, you will be asked for the private key password of the currently selected certificate. Please enter it so that the certificate and key can be exported.



Launch jGridstart on computer without certificate

Jgridstart-screenshot-newrequest01.png

Now run jGridstart on the computer where you want to have the grid certificate (same as step 1, but on a different computer). Then open the menu Certificates and select Import... (or use the shortcut key Ctrl-I).


Open the import dialog

Jgridstart-screenshot-importexport04.png

In the import dialog, navigate to the directory where you have the file you exported on the other computer, for example a USB-stick. Select the file in question, and press Import.

Just like export, you can choose whether to use the same password for the certificate key as the file you import from (which is the default). If you deselect the option Use import password as private key password, you will be asked for a private key password.


Install certificate

Jgridstart-screenshot-renew01.png

The screen will now show your certificate. It is a good idea now to install this certificate. After that you're finished. If the imported certificate indeed is your only grid certificate on the computer, you will see the screen displayed here, and you're finished.

If you already had one or more certificates on the computer on which you imported the certificate, it will be added to the list of available certificates. In that case, you may want to read up on how to work with multiple certificates, since your default certificate won't be the one you imported.